» youbo_c17.exe
Overview
Analysis
File Details
Downloads (2)

youbo_c17.exe

刘诗诗

The application youbo_c17.exe by 刘诗诗 has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.baidu.com and multiple other hosts.

File name:

youbo_c17.exe

Publisher:

刘诗诗 (signed and verified)

Description:

优播高清影视安装程序

Version:

4.5.12.1129

MD5:

285a2219c14e1d62ed1ad6b36e67d015

SHA-1:

704036f86d7478eccaccae7fcb5d393a36b4b9de

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/16/2024 9:35:48 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Backdoor.Generic.923470

300

Agnitum Outpost

Trojan.DownLoader

7.1.1

Avira AntiVirus

BDS/Rogue.1417392

8.3.2.4

Arcabit

Backdoor.Generic.DE174E

1.0.0.637

AVG

Generic7

2017.0.2778

Baidu Antivirus

Adware.Win32.SBYinYing

4.0.3.16410

Bitdefender

Backdoor.Generic.923470

1.0.20.505

Clam AntiVirus

Win.Trojan.Graftor-1905

0.98/21511

Comodo Security

ApplicUnwnt

23817

Dr.Web

Trojan.DownLoader11.23578

9.0.1.0101

Emsisoft Anti-Malware

Backdoor.Generic.923470

8.16.04.10.01

ESET NOD32

Win32/Adware.SBYinYing (variant)

10.12758

F-Secure

Backdoor.Generic.923470

11.2016-10-04_1

G Data

Backdoor.Generic.923470

16.4.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.212.18175

McAfee

Artemis!285A2219C14E

5600.6434

MicroWorld eScan

Backdoor.Generic.923470

17.0.0.303

NANO AntiVirus

Trojan.Win32.DarkKomet.dennwl

1.0.10.5081

nProtect

Backdoor.Generic.923470

15.12.21.01

Vba32 AntiVirus

Backdoor.DarkKomet

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

45948

Zillya! Antivirus

Downloader.Agent.Win32.221069

2.0.0.2573

File size:

1.4 MB (1,417,392 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\youbo_c17.exe

Digital Signature

Signed by:

刘诗诗

Authority:

WoSign CA Limited

Valid from:

6/11/2014 4:48:01 PM

Valid to:

6/11/2015 4:48:01 PM

Subject:

CN=刘诗诗, E=5011net@sina.com, L=常山县, S=浙江省, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

05767A56D82D3A4015513D7E7534F5F1

File PE Metadata

Compilation timestamp:

6/23/2014 8:25:42 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:o7wWzU9mW2uUrRLfVh/lqlRLKKiH+bsqImPCZZJjomDOZx1ZAi6hRbhji:o7FzU9ryNdhlEZKK31CZPjomwvZwji

Entry address:

0x2B0001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 00, 2B, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74... 
[+]

Entropy:

7.9779

Packer / compiler:

ASPack v2.12

Code size:

1.4 MB (1,482,240 bytes)

The file youbo_c17.exe has been seen being distributed by the following 2 URLs.

http://www.baidu.com/cb.php?c=IgF_pyfqnHRzPHRYnHD0IZ0qnfK9ujYkPjcvrHTs0Aw-5HDYn1mLPWT0TAq15HfzrHb1nfK15Hnsm1w-m1N9ujK9mhD1PHR0uZfqnHfsrHT1P1czPfKdThsqpZwYTjCEQvkGUh_8uA7EUA-JpyD8mvqVQLPEuMf8TA9s5LPY5gwMFMKG5RchIybqnHD30ZFb5HT0mhYqn0KsTWYs0ZNGujY1PjT4nWRY0AqGujYknj03rj00mv-b5Hcsn1Rdn6KEIv3qrHTLP1m0mLFW5Hf3rj01

http://www.baidu.com/cb.php?c=IgF_pyfqnHRznHTsn1c0IZ0qnfK9ujYkn1czPWTs0Aw-5HD1nj01Pj00TAq15H63njmLPsK15H6knHmYP16smHuWnW--uj60uZfqnHfsPHRLrH63nfKdThsqpZwYTjCEQvkGUh_8uA7EUA-JpyD8mvqVQLPEuMf8TA9s5LPY5gwMFMKG5RnhIybqnHTh0ZFb5HT0mhYqn0KsTWYs0ZNGujYkn1b1nHfv0AqGujYzrjD3rfKWpyfqn1ndPHRk0AqLUWYzP1f4nfKWThnqrjTdr0

Remove youbo_c17.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.